Terragrunt assumed role can't access S3

Question

I'm trying to run terragrunt->terraform with assumed roles cross account.

I'm running from a container (I validated the container uses the right role) I've set my aws/credentials profile to work with credential_source = Ec2InstanceMetadata like this

[terra-ops]

role_arn = arn:aws:iam::2222222221:role/pks-ops

credential_source = Ec2InstanceMetadata

taken from here https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html

I added trust relationship between the roles on each account.

and with AWS keys it works well. also with the roles setup I manage to run AWScli to describe reources calls on the other account, but terragrunt fails and debug flag isn't working.

But when I'm trying to run terragrunt->terraform plan I get Remote state S3 bucket prod-terraform-state does not exist or you don't have permissions to access it. Would you like Terragrunt to create it? (y/n)

Terraform version 0.11.15 terragrunt version v0.17.2